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1, INTRODUCTION 

Typical database security divided to three levels; physical security, operating system security and 
Database Management System (DBMS) security [1]. Normally DBMS gives two methods to accomplish 
security access control and data encryption. Access control is an older method to protect important data, as a 
result access control is not enough to protect sensitive data, therefor data encryption methods are used to 
protect sensitive data in DBMS [2]. This paper applies Caesar and Viginere methods for database encryption 
and decryption. 

Caesar 1s mono alphabetic cipher. The idea of Caesar method involves shifting the character in 
alphabet via three places to take other character in alphabet [3] for example A — D. Vigenere method is Poly 
alphabetic cipher. Vigenere includes the use more than one cipher alphabets. That is mean each character in 
alphabet has many cipher characters [4] for instance A > D, A > F and A — L. 

Friedman calculates the frequency of English letter to determine whether the method is mono 
alphabetic or poly alphabetic cipher; this is done by accounting the index of coincidence (I) or repeat rate. 
Friedman notes according to the Greek study, the Value of (I) is changed between 0.038 and 0.065, If (1) near 
0.065 means the method is mono alphabetic like Caesar and Affine methods otherwise the method is Ploy 
alphabetic cipher like Vigener[5]. That is mean Poly alphabetic more secure than mono alphabetic cipher. 


2. DATABASE 

The Database object is the most important object we will be dealing with because it allows us to 
interface with the database [6]. To look at the structure of a database; we need first look at the objects, 
collections, and properties that exist in our DAO hierarchy. Figure 1 shows the relevant structure and 
properties. 
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Figure 1. The tabledefs collection hierarchy [6] 


2.1. TableDefs 
TableDesfs consists of several objects. The TableDef is a representation of the Oracle/Visual Basic 
tables in the database we have opened and have access to. 


2.2. Fields 
Every TableDefs has one or more fields object. Each field contains many properties like (name, size, 
source field, source table, type and value). 


2.3. Indexes 
Every table may have one or more indexes. 


3. RELATED WORK 

The authors in this paper enhance affine ciphering and deciphering algorithms by using different 
keys length for each record [7]. 

The Author in [8] confirms that most application need database. Database may contain sensitive 
data that may be attack by third person. This paper discussed much kind of attacks on database and reviews 
some techniques for database security. 

In [9] the author applies database security in any level of DBMS. The propose research contain four 
stages requirements collection, many level relational construction, DB analysis and logical construction. 
The propose system applies actions for analysing and developing a secure DB. 

K. Kusnardi and D. Gunawan use Guillo-Quisquater protocol to allow server to authenticate user 
with zero knowledge (without knowing the user’s password). Two login methods were used file-based 
certificate with key and local storage [10]. 

In [11] the user request access the data stored in desk computer through fingerprint biometric. 
The entropy value system generates fingerprint secret code when the user (authorized person) requests 
access. The fingerprint is verified with the database in the desk computer. If it is matched, then the computer 
can be accessed by the request person. 

Picture Stream depending on Starting Late Various Fierce Key was proposed as a new Cipher 
technique [12]. A cluttered key-based scheme for image ciphering and deciphering, in which diminish 
measurements of each image pixel is processed using XOR or XNOR functions with a smidgen at a chance 
of introducing any of the two destined keys. The authors kept concentrate on three cornerstone components, 
as example rigid security, simple computations and without turning. 
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The authors in [13] proposed an image count to encode corresponding pixels from propelled 
pictures by pixel. Then such count can use stream assume to encode each image pixel using a novel logical 
course of limits known action to be the propose key. Such assessments adopted a similar key at each of the 
source and the destination. Other techniques of image encryption were also starting late proposed subject for 
substitution muddled. 

In [14], they adopted S-encase pushed encryption standard (AES) theory for count reliant as an 
image encryption technique. They demonstrated (30) diverse S-boxes by different constant polynomials. All 
segments of the S-boxes were assigned to (0 to 255) numbers and they were also adjusted mapped. The 
assigning process used vital reference that depended on a related reference as one of the 30 S-boxes is going 
to be adopted in the process of byte substitution till completing scrambling of the entire picture. 

According to the authors of [15], an estimation of image encryption is adopted, which accomplished 
using an outside key of 256-piece. In this technique, the pixel in the end of plain picture is considered to 
provide the parameters and the basic states of the cluttered systems for the essential S-box. The plain image 
is divided into social events in which each pixel is replaced by S-boxes. The image pixels are separated into 
couples of corresponding regarding image sections and adjacent lines that can be assembled over multiple 
social events. Over each these events, they make and use another S-box. Accordingly, the reviews between 
vertically adjacent pixels are distorted. After that, they use a comparable technique on divided parts to pound 
its modifications between adjacent pixels of the same level. 

The authors of [16] illustrated that the count image ciphering which is under key stream support and 
non-direct substitution box was pre-determined. The authors considered the S-box for this circumstance as a 
round gathering with a head pointer, and individual pixels of the image are combined by an S-box segment 
due to the head pointer and the pixel regard, Head pointer is then changed with the prior substituted pixel. 
Yielded results illustrated that some ciphering techniques of S-box-just have some weakness against chosen 
plaintext ambushes. 

According to Y. Zhang and D. Xiao [17] security issues of the image (S-box-simply) ciphering 
technique was purposely analyzed in addition to displayed a productive deciphering technique. 

Recently, for figuring the turmoil, several techniques were conducted depend on Stream-Cipher 
branch of Cryptography. Traditional type of Stream-Cipher Cryptography has XORing as the cornerstone to 
make secure discretionary. Action number course was a subject to sliced maps (as an example Bernoulli 
Map, key guide, or Tent Map) with the original image to get the ciphered one. Such approach of Stream- 
Cipher is obviously vulnerable against the attacks of chosen plaintext. Their technique provided different 
stream-Cipher count, which was related to incredible S-box. Their proposed estimation adopted one S-box 
and a scattered enhancing technique. Individual bytes in the vector of spatial-domain picture are replaced 
depending on another S-box in order to get the vector of the Ciphered image. Their technique yielded safe 
results for picking plaintext strikes. In addition, this count is increasingly ensured as secured against 
customary type of stream Cipher [18]. A reliable ciphering technique must be rigid against different 
techniques of cryptanalysis and other attacks. 


4. RESEARCH METHODS 

This paper used modulo 35 instead of 26, where the order of alphabet from (0-25) and the order of 
digits from (26-35). The author assumes the database name is "Cust.MDB" and the table name 1s "Customer" 
as shown in Figure 2. The Customer table will be an input to the system. The record set of the Data object 
control has a table collection properties like (fields number, records number,.., etc), the system will extract 
fields number from field property in record set. 
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Figure 2. Original Customer Table 
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The Algorithm (1) has nested loop, the main loop repeated until the end of Customer table, in each 
iteration take one record while the second iteration take a field from record to accomplish Caesar and 
Vigenere encryption, the key of Caesar shown in Table 1, is calculated by sum the length of "Full Name" and 
"City" fields for each record, for example the key is applied on word “AL KHDRA” in “Street”? field as 
shown in Table 2 and the encryption result of the “Customer” table shown in Figure 3, while the key of 
Vigenere method is extracted from "balance" field that saved in a text file as shown in Figure 4. The key of 
Vigenere is applied to Caesar cipher to produce Vigenere cipher text as shown in Table 3 and the result 
shown in Figure 5. 


Algorithm(1) A pseudo-code for Creating Encryption Text Files 


Begin 

Open database 

Open blank text file 

F= Get fields numbers from table 

While (not end of table) 

Caesar-Key1 = length of Full Name Field 
Caesar-Key2 = length of city field 
Caesar-Key = Caesar-key1+Caesar-key2 
I=0 


Loop 
Data = Field(1) 
I=I+1 


Caesar- Encryption = Call Caesar-Encryption-Fun. (Data, Caesar-Key) 

Vigenere-Key = length of balance field 

Vigenere- Encryption = Call Vigenere-Encryption-Fun. (Caesar-Encryption, Vigenere-Key) 
Repeat Until (=F) 

Print (Caesar-Text, Vigenere-Text, Vigenere-Key) 

Move Next Record 

End While 





Table 1. Records Key Length 


Full Name Keyl Length City Key2 Length Keyl + Key2 
Kadhum Ahmed Ali 16 Baghdad y 23 
Naji Ali Naji 13 London 6 19 
Asmaa Assam Kadhum 18 Arbil 5 23 
Dalal Kamel Ali 15 Baghdad 7 22 
Sameer Majed Ahmed 18 Leeds 5 23 


Table 2. Caesar Encryption Example 


Plain Text A ie K H D R A 
Character Order 0 11 10 7 3 17 0 
K=Key1+Key 2 2S 23 ps3) 23 23 23 5) 

(Character Order + K) Mod 35 23 34 33 30 26 5 23 
Caesar Chiper Character xX 8 i) 4 0 F xX 


Table 3 Vigenere Encryption Example 


Caesar Chiper x 8 7 4 0 F x 
Vi 23 34 33 30 26 5 23 
Vigenere Key ) 7 6 1 5 7 6 1 
v2 31 33 32 21 31 33 32 ZY. 
(V1+V2) Mod 35 19 32 25 26 24 2 15 
Vigenere Chiper T 6 Z 0 D4 Cc P 


The first step of Vigenere decryption process, the system calculates semicolon number in the line of 
text file which presents the number of fields in the table, in order to create blank database and table with 
field’s name. The first loop in algorithm (2) takes line from Vigenere cipher and Vigenere key that applies 
Vigenere decryption rule to obtain Caesar cipher for instance shown in Table 4. This process continues until 
the end of file. The second loop extract key length from Caesar text file and apply Caesar decryption rule to 
produce plan text for example shown in Table 5 and the final result shown in Figure 6. 
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Algorithm (2) A pseudo-code for Creating Plain Database 


Begin 
Fields Number = Number of semicolons in each line 
Create and open Database 


For I=0 to Fields Numbers 
Input Field Name 

Create Field in table collection 
Next I 


Loop 

V= Read line from vigenere text file 

Vkey= Read line from Vigenere Key text file 
Apply Vigenere —Decryption (V,Vkey) 

Write Decryption text (Caesar Text) in text file 
Repeat Until End Of File 


Loop 

C= Read line from Caesar text file 
Key1= Extract first key Length 
Key2= Extract Second Key Length 
Apply Caesar -Decryption 

Write Plain text in Database Table 
Repeat Until End Of File 

End 





Table 4. Vigenere Decryption Example 


Vigenere Chiper T 6 Z 0 Y C P 
Vi 19 32 pi 26 24 2 15 
Vigenere Key 5 I 6 1 5) 7 6 1 
V2 31 33 32 27 31 33 32 2d 
(V1-V2)>0 
F=(V1-V2) Mod 35 
(V1-V2)<0 
F=((V1-V2)+35) Mod 35 23 34 33 30 26 ) 23 
Caesar Chiper xX 8 7 4 0 F xX 
Table 5. Caesar Decryption Example 
Caesar Chiper xX 8 7 4 0 F x 
Vi 23 34 33 30 26 5 23 
K=Key1+Key 2 23 23 23 23 23 23 23 
V2 31 33 32 27 31 33 32 27 
(V1-V2)>0 
F=(V1-V2) Mod 35 _ i : : : 
(V1-V2)<0 7 
F=((V1-V2)+35) Mod 35 
Plain Text A L K H D R A 


5. RESULTS AND DISCUSSION 

The system has been implemented in Visual Basic 6. The project has two main Commands 
"Table Encryption" and "Table Decryption". When the "Table Encryption" buttons is clicked the system 
requests the path and name of database and table name, the system will process the "Customer” table and 
generate Caesar file is called "Caesar". As shown in Figure 3. 


File Edit Format View Help 


IP; 7X@4TA X4A10 X85;AF;TVUP;X8 740FX;YX34exe" 
"M;61T21 T41 6121;58;O0PSR;SECE5 CD;476W76" 





“R;XGAXX XGGXA 7X@4IA;A5GG;PQTV;X8 F1GCI8;1FY58" 
“R;ZW7W7 6W8O7 W74;84FF;UTWR;W7 XOLWW;XW23ZW2" 
"T;GXA11F AX61@ X4A1@;AFG;WPQ;@IL GH;8110G" 





Figure 3. Caesar encryption file 
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The Caesar encryption file and Vigenere keys file processed by vigenere encryption program. 
The system takes row from Vigenere key file and row of Caesar file to produce cipher text by vigenere 
method. The process will be continued until the ends of two files in which the results saved in text file called 
"Vigenere” as shown in Figure 5. 





i gH ie ~ _|"L;3VXWE7 P@7YS V5X;5D;PTRH;T6 ZOYCP;UVOWWVX" 

"4587" “H;1P1Z P3Z 2S0W;06;JLRP;@ABCO BB;Z35U22" 

"4957" “J:P85VP TE7QS ZQW2A2;1YCE;HIPT;P1 DT87G@;T7U3e" 
"P:XT7R5 GR6X7 U44;61FA;SQWM;U4 SYIWR;VT2YXTZ”" 


"7694" "S;FP20T7 1 ;868;VHI; P 
: QSTT PX8TT;868;VHJ;ZAE 7A;7TUZ7 
sah: HD” as ) 











Figure 4. Vigenere KEY FILE Figure 5. Vigenere encryption file 


The deciphering is done by click on "Table Decryption" button. The first step the system allows the 
user input fields name. The second step the application processes Vigenere text file with Vigenere key file to 
produce Caesar cipher as shown above. Finally the programs produce plain database from the output as 
shown in Figure 6. 


2] Microsoft Access 
: File Edit View Insert Format Records Tools — Help 
WZ» | id FO | So) uth } |) | Se | 2 


KADHUM AHMED ALI BAGHDAD 


NAJI ALI NAJI LONDON 
ASMAA ASSAM KADHUM ERBIL 
DALAL KAMEL ALIi BAGHDAD 
SAMEER MAJED AHMED LEEDS 





Datasheet View 





Figure 6. Plan table with fields name definition 


In [19-20] the author use Caesar method with one key for each record, it means only 26 possibilities 
which make Caesar a very week code to break. In [7] use Affine method to produce cipher database. 
Affine cipher is a mono-alphabetic cipher, uses a mathematical function with two keys (a, b) for encryption, 
where each letter in the plaintext is substituted by a number [21-22]. The possible key combinations for 
Affine cipher are 12*26-1=311, Therefor an Affine cipher is highly insecure [23]. In addition the table loss 
has field’s name as shown in Figure 7. The Vigenere Cipher was the biggest step in cryptography for over 
1000 years. The idea of switching between cipher texts alphabets as you encrypt was evolutionary, and an 
idea that is still used to make ciphers more secure [24-25]. The current system achieves two powerful points 
in comparison with affine paper [7]; first the user can input the field name when the system creates the table 
as shown in Figure 6. Second the proposed system use Vigenere method which is more secure than Affine, 
and use modulo 35 instead of 26 which increase the probability to break encryption code. 


Customer Table 


Fl F2 F3 F4 F5 F6 

1 Kadhum Ahmed Ali Mr 5000 Al Khdra Baghdad 
2 Nayji Ali Naji Mr 4500 Musum St London 
3 Asmaa Assam Kadhum Miss 13000 Al Resoul Erbil 

4 Dalal Kamel Ali Miss 7700 Al Beyaa Baghdad 
5 Sameer Mohammed Ahmed Mrs 900 Dux St Leeds 


Figure 7. Table without fields name [7] 
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6. 


CONCLUSION 
The system provides three levels of security. The first and second level use Caesar and Vigenere 


methods. Where the Caesar method is used different key lengths in each record, but the disadvantage each 
character in record has one cipher character. For this reason, the system has been strengthened with Vigenere 
method since each character has more than one cipher characters. The final level is converting table to 
text file. 
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